
Texas says you’re all on notice by amending its data breach notification law

Texas recently amended its data breach notification law, Tex. Bus. & Com. Code Ann. § 521.053, to clarify that if a data subject is a resident of a state other than Texas that has its own breach notification law, a company that does business in Texas can notify that data subject either pursuant to Texas law or pursuant to the law of the state of residence. In other words, according to Texas, Texas companies do not have to become familiar with the breach notification laws of other states. (Query whether those other states would agree.)

As we previously blogged, Texas amended its breach notification law in September 2012 to specifically require notification of data breaches to residents of states that had not enacted their own law requiring such notification. The amended law was confusing as to which law should apply when the state of residence did have a breach notification law.

The reporting obligations will still apply to persons that “conduct business” in Texas, although the law does not provide guidance on what it means to “conduct business” in Texas. As a result, in the event of a data breach, a company that does business in Texas could be required to timely notify individuals nationwide or face a fine of up to $250,000 for failing to do so.
